research-pipeline

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The skill describes autonomous remote code execution and deployment (syncing code to remote servers, launching screen sessions, running experiments, "codex exec" reading the repo), automatic code modifications by agents, and explicit instructions to write files silently without asking the user — behaviors that can be readily abused for backdoors, remote execution, and data/credential exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The pipeline explicitly supports downloading and ingesting arXiv papers during literature survey (ARXIV_DOWNLOAD = true, referenced in the /research-lit step of Stage 1), which fetches public, user-submitted third-party content that the agent is expected to read and use to make novelty/idea decisions—so untrusted external content can materially influence subsequent actions.